What difference with a simple DC and DC with Global Catalog role?

What difference with a simple DC and DC with Global Catalog role?
LVL 1
SAM2009Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Afthab TIT ExpertCommented:
A global catalog server performs two key functions in Microsoft Windows 2000 domains:
1. When a user logs on to the network, the global catalog server provides universal group membership information for the account that sends the logon request to the domain controller.
2. The global catalog server lets a member of the domain find Active Directory directory service information regardless of the domain in the forest that contains the data.

http://support.microsoft.com/kb/296882
http://technet.microsoft.com/en-us/library/cc728188(WS.10).aspx

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Premkumar YogeswaranSr. Analyst - System AdministratorCommented:
Krzysztof PytkoSenior Active Directory EngineerCommented:
Global Catalog has information about object location in whole forest. So, when you try to log on to PC you have to query GC to get information which DC holds particular object's data. Then you are able to access PC. At least one GC has to be available to be able logging to system. So if your GC server is broken you won't be able to log on to PCs. When you have more GC you dont' have to query other DCs.

Let's say you have 2 locations in different cities. If one has GC the other has to send query over WAN to get information about user's group membership and to be able log on. In other case when both of them are GC, you don't have to send WAN query because your local DC knows everything about objects.

I hope it's clear :/ I mess a little bit?

If not read this article please. It explains it well :)

http://www.petri.co.il/establishing-proper-global-catalog-placement-strategy.htm

Regards,
Krzysztof
Rowby Goren Makes an Impact on Screen and Online

Learn about longtime user Rowby Goren and his great contributions to the site. We explore his method for posing questions that are likely to yield a solution, and take a look at how his career transformed from a Hollywood writer to a website entrepreneur.

SAM2009Author Commented:
Thank you for GC explainations but what is the purpose to just have a DC?
Krzysztof PytkoSenior Active Directory EngineerCommented:
DC solution is for companies which want tos have central management (users,groups etc). You have one place for user/group set up, you can manage it from one place. It's much easier to live with that than workgroup environment. If you have new user you set up an account in AD with initial password and he/she is able to log on on each PC in domain. For workgroup you have to do it on EACH PC where he/she will work. Also forgotten passwords are not a problem in AD, one place for reset password, in workgroup have have to reset password on each of them :)

And of course many other good stuff :)

Regards,
Krzysztof
SAM2009Author Commented:
Just to be clear if DC with GC role is down (and suppose there is no other GC server), does user can log on his pc if there is just a DC server?
Premkumar YogeswaranSr. Analyst - System AdministratorCommented:
Hi,

Is your domain is single domain or multi domain architecture?

For single domain there wont be any prob..

For multi domain:
If there is only one DC in your site, then it will be searching for nearest GC in other site.. becuase of this your system login will be slow.
If it could not find the GC it will login to system without Universal membership access token.. sure this will make your login performance delay..

Cheers,
Prem
SAM2009Author Commented:
Many thanks for your explanations!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
OS Security

From novice to tech pro — start learning today.